Next Gen SIEM: Incorporating Threat Intelligence & UEBA
Product Brochure
Discover and prioritise real threats in real-time
Next generation Security Information & Event Management
Huntsman Security’s Next Gen SIEM is a cyber security
analytics product with built-in threat intelligence and
behaviour anomaly detection, designed to analyse
high volume streams of data in real-time to quickly
and accurately detect non-compliant system activity,
anomalous behaviour, security issues and cyber threats.
The technology is an ideal foundation for
your Security Operations Centre (SOC).
It operates quickly and autonomously,
interfaces with all your systems and
security controls and works the way your
people and stakeholders need it to.
Identified as a strong performer in the Forrester Wave™: Security Analytics
Platforms Q3 2018, Huntsman Security’s
Next Gen SIEM is recognised for its
compliance monitoring capabilities and
massive scalability for large environments.
What Next Gen SIEM delivers
Huntsman Security’s Next Gen SIEM delivers:
• Rapid incident response and resolution: advanced real-time collection, analysis and threat detection with live dashboards and alerting
• Easy to understand in-depth investigation: comprehensive business intelligence data query and reporting interface
• Reduced operational risk: process automation delivers live compliance dashboards, reporting and security workflow to streamline analyst activities
• Visibility for all stakeholders: customisable compliance reporting and dashboards for executives, auditors and customers
• Rapid identification and resolution of risks: unified security information and incident management
• Shorter time at risk: end-to-end incident tracking with active investigation and reporting
• Detection of anomalous situations within networks, operating systems and application layers
• Significant ROI improvements from existing security investments and operational efficiencies within the SOC environment.
Next Gen SIEM – Incident Status Dashboard
Next Gen SIEM – how it works
Security Monitoring & Compliance Reporting
Huntsman Security’s Next Gen SIEM is the cornerstone of the highly regarded, defence-grade Huntsman Security Platform. It is a full-featured security and compliance solution that provides:
• Real-time collection and analysis of log, event and system data;
• Detection of previously unseen threats through behavioural anomaly detection, not only threats matching known signatures;
• Highly flexible architecture and support for high volume data throughput rates;
• Comprehensive data display, dashboard and investigation capabilities;
• Integrated incident management capabilities for incident investigation, escalation and resolution; and
• Role-based access controls, audit trails and high levels of automation to streamline security operations.
It supports a comprehensive data collection, threat detection, alert
analysis, incident response and reporting lifecycle.
It provides a fully integrated incident management module that highlights
incidents to ensure that alerts can be tracked, investigated within a
structured workflow, escalated and resolved swiftly.
Flexible Data Collection
Huntsman Security’s Next Gen SIEM provides a flexible, fully customisable collection interface that ingests data from a wide range of sources, structures it and passes it through the analytics engines.
• High speed, real-time, stream-based processing, correlation and alerting engine that detects non-compliant activity, security, loss or fraud threats and policy breaches as they occur, enabling a prompt response
• Complete flexibility around collection, including syslog, event logs, file-based, XML, database query and network flow data, both agent-based and agentless
• Support for external cloud-based services at the IaaS, PaaS or SaaS layers, giving security visibility over both on-premise and off-premise systems
• Collection of both normalised and original (raw) log records, so the unaltered source record is retained for evidential and forensic purposes
• Scalable data model allowing multiple live, accessible repositories and off-line storage of arbitrary size for archive, compliance or historical analysis
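The collection and normalisation step described above, as an added example that is not part of this brochure or of Huntsman Security’s product: a small Python normaliser over constructed sample records (a BSD syslog line from sshd, a key=value line in the style of a Windows security event forwarded by an agent, and a JSON cloud audit record; all hostnames, users and addresses are made up). Each record is mapped to one common schema while the unaltered raw line and its SHA-256 digest travel with the event, which is what the evidential-collection bullet requires. The schema field names, the "logon" action vocabulary and the year supplied for the year-less syslog timestamp are assumptions.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Constructed sample records (not real logs): BSD syslog from sshd, a
# key=value line in the style of a Windows security event, and a JSON
# cloud audit record. Hosts, users and addresses are made up.
SAMPLE_LINES = [
    "<38>Mar  3 10:15:02 bastion01 sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51234 ssh2",
    "<38>Mar  3 10:15:07 bastion01 sshd[2201]: Accepted password for alice from 198.51.100.7 port 40022 ssh2",
    "time=2019-03-03T10:15:09Z host=dc01 EventID=4625 TargetUserName=bob IpAddress=203.0.113.9 Status=0xC000006D",
    '{"eventTime": "2019-03-03T10:15:11Z", "eventName": "ConsoleLogin", "userIdentity": {"userName": "carol"}, '
    '"sourceIPAddress": "198.51.100.7", "responseElements": {"ConsoleLogin": "Success"}}',
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<app>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
SSH_RE = re.compile(r"^(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")
KV_RE = re.compile(r"(\w+)=(\S+)")


def sha256_hex(line):
    return hashlib.sha256(line.encode("utf-8")).hexdigest()


def _utc(dt):
    # All sources are assumed to report UTC; the schema stores ISO 8601 with offset.
    return dt.replace(tzinfo=timezone.utc).isoformat()


def normalise(line, year=2019):
    """Map one raw record to the common schema.

    Whatever the format, the unaltered line and its SHA-256 digest are kept
    on the event so the original can later be produced and verified.
    """
    event = {
        "ts": None, "source": "unknown", "host": None, "user": None,
        "src_ip": None, "action": None, "outcome": None,
        "raw": line, "raw_sha256": sha256_hex(line),
    }
    m = SYSLOG_RE.match(line)
    if m:
        event["source"] = "syslog:" + m["app"]
        event["host"] = m["host"]
        stamp = " ".join(m["ts"].split())  # collapse the "Mar  3" day padding
        # BSD syslog carries no year; the collector supplies it (assumption).
        event["ts"] = _utc(datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"))
        s = SSH_RE.match(m["msg"])
        if s:
            event.update(action="logon", user=s["user"], src_ip=s["ip"],
                         outcome="success" if s["outcome"] == "Accepted" else "failure")
        return event
    if line.startswith("time="):
        kv = dict(KV_RE.findall(line))
        event.update(source="windows:security", host=kv.get("host"),
                     ts=_utc(datetime.strptime(kv["time"], "%Y-%m-%dT%H:%M:%SZ")),
                     action="logon", user=kv.get("TargetUserName"), src_ip=kv.get("IpAddress"),
                     # 4624 = successful logon, 4625 = failed logon
                     outcome={"4624": "success", "4625": "failure"}.get(kv.get("EventID")))
        return event
    if line.startswith("{"):
        rec = json.loads(line)
        event.update(source="cloud:audit", host="console",
                     ts=_utc(datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")))
        if rec.get("eventName") == "ConsoleLogin":
            ok = rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
            event.update(action="logon", user=rec["userIdentity"]["userName"],
                         src_ip=rec.get("sourceIPAddress"),
                         outcome="success" if ok else "failure")
        return event
    return event  # unrecognised format: still retained verbatim with its digest


def normalise_all(lines, year=2019):
    return [normalise(line, year) for line in lines]


def verify_raw(event):
    """Re-hash the retained original record and compare with the stored digest."""
    return sha256_hex(event["raw"]) == event["raw_sha256"]


if __name__ == "__main__":
    for ev in normalise_all(SAMPLE_LINES):
        print(ev["ts"], ev["source"], ev["host"], ev["user"], ev["src_ip"], ev["outcome"], ev["raw_sha256"][:12])
```

The point of keeping `raw` and `raw_sha256` beside the parsed fields is that a parser bug or a later schema change never destroys the evidence: an analyst can always re-read the original line, and `verify_raw` shows it has not been altered since collection. A line the parser does not recognise is still stored with its digest rather than dropped.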
Advanced Analysis
Next Gen SIEM’s analytic engine provides real-time analysis using policy-based deterministic techniques as well as correlation to highlight issues for immediate attention by operators.
• Real-time behaviour anomaly detection using machine learning to deliver behaviour-based profiling and detection
• Tracking of multiple concurrent alerts across multiple sources by security operators
• File and directory integrity monitoring to protect critical business information
• Risk and asset classification to trace threats and their potential business impact and criticality
• Prioritisation of information and alerts for either analyst attention or automated corrective action
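To make the deterministic-rule, behavioural-profiling and asset-classification bullets concrete, here is an added example that is not Huntsman Security’s code: a toy stream correlation engine in Python over constructed, already-normalised logon events. It applies one policy rule (three or more failures from a source address within 60 seconds, followed by a success from the same address), one behavioural rule (a user logging on from a source address absent from that user’s learned profile) and ranks each resulting alert with an asset criticality reference table, routing only the top level to automated response. The thresholds, asset classes, baseline profiles, priority ladder and all hosts, users and addresses are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed reference data (assumptions, not product data).
# Asset classification: alerts against a high-criticality host are lifted one level.
ASSET_CRITICALITY = {"dc01": "high", "bastion01": "medium"}
# Behavioural baseline: source addresses each user was seen from during a learning period.
KNOWN_SOURCES = {"alice": {"198.51.100.7"}, "bob": {"10.0.0.5"}}
LEVELS = ["low", "medium", "high", "critical"]

# Constructed, already-normalised logon events in arrival order.
EVENTS = [
    {"ts": "2019-03-03T10:15:02Z", "host": "dc01", "user": "admin", "src_ip": "203.0.113.9", "outcome": "failure"},
    {"ts": "2019-03-03T10:15:04Z", "host": "dc01", "user": "bob", "src_ip": "203.0.113.9", "outcome": "failure"},
    {"ts": "2019-03-03T10:15:06Z", "host": "dc01", "user": "bob", "src_ip": "203.0.113.9", "outcome": "failure"},
    {"ts": "2019-03-03T10:15:09Z", "host": "dc01", "user": "bob", "src_ip": "203.0.113.9", "outcome": "success"},
    {"ts": "2019-03-03T10:16:00Z", "host": "bastion01", "user": "alice", "src_ip": "198.51.100.7", "outcome": "success"},
    {"ts": "2019-03-03T10:17:30Z", "host": "bastion01", "user": "alice", "src_ip": "192.0.2.44", "outcome": "success"},
    {"ts": "2019-03-03T10:40:00Z", "host": "bastion01", "user": "carol", "src_ip": "203.0.113.9", "outcome": "success"},
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def escalate(base, host):
    """Lift the rule's base priority one level when the target asset is high-criticality."""
    idx = LEVELS.index(base) + (1 if ASSET_CRITICALITY.get(host) == "high" else 0)
    return LEVELS[min(idx, len(LEVELS) - 1)]


class CorrelationEngine:
    def __init__(self, window_s=60, threshold=3):
        self.window = timedelta(seconds=window_s)
        self.threshold = threshold
        self.failures = defaultdict(deque)  # src_ip -> timestamps of recent failures
        self.alerts = []

    def _raise(self, rule, base, ev, **extra):
        priority = escalate(base, ev["host"])
        self.alerts.append({
            "rule": rule, "priority": priority, "ts": ev["ts"], "host": ev["host"],
            "user": ev["user"], "src_ip": ev["src_ip"],
            # Only the top level is handed to automated response; the rest goes to an analyst.
            "auto_response": "block_src_ip" if priority == "critical" else "analyst_review",
            **extra,
        })

    def process(self, ev):
        t, ip = parse_ts(ev["ts"]), ev["src_ip"]
        recent = self.failures[ip]
        while recent and t - recent[0] > self.window:  # slide the window forward
            recent.popleft()
        if ev["outcome"] != "success":
            recent.append(t)
            return
        # Deterministic policy rule: a burst of failures followed by a success.
        if len(recent) >= self.threshold:
            self._raise("brute_force_then_success", "high", ev, failures=len(recent))
            recent.clear()  # do not re-alert on the same burst
        # Behavioural rule: success from an address outside the user's learned profile.
        # Users with no learned profile are skipped rather than flagged on every logon.
        known = KNOWN_SOURCES.get(ev["user"])
        if known is not None and ip not in known:
            self._raise("new_source_for_user", "medium", ev, known_sources=sorted(known))


def run(events, **engine_kwargs):
    engine = CorrelationEngine(**engine_kwargs)
    for ev in events:
        engine.process(ev)
    return engine.alerts


if __name__ == "__main__":
    for alert in run(EVENTS):
        print(alert)
```

On the constructed stream this yields three alerts: the burst-then-success against dc01 (lifted to critical by the asset table and routed to automated blocking), the same logon flagged because bob has never been seen from that address, and alice’s logon from an unprofiled address on the lower-criticality bastion. Carol’s later logon from the attacker’s address raises nothing: the failure window has long expired and she has no baseline to compare against, which is the conservative choice for a behavioural rule.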
Effective Response
Detection of anticipated cyber-security threats is only a part of the
solution for the security analyst – typically, that is where the hard
work starts. Next Gen SIEM provides a flexible, context-based query interface, alert tracking, automated workflow support and a full incident management solution that maintains case data in a single
case record. The solution delivers:
• The answers to “who, what, where, when and how” immediately
after an event
• Active response capability to mitigate threats or gather any
additional data to aid later diagnostic processes immediately after
an alert is raised
• Full alert tracking and incident management solution with
workflow support, escalation, case data management and resolution/closure reporting
• Integration with third party solutions for ticketing, SNMP/network management, API access and threat mitigation
State-Of-The-Art Visibility & Business Intelligence
Access to data that (i) gives security analysts detailed technical views to assist incident resolution and (ii) presents a single-page compliance summary and risk view for senior stakeholders is a fundamental part of the product, providing a rapid understanding of the cyber-security and compliance posture of your business.
• Continuous real time security and risk dashboards for compliance
status visibility “as events happen”
• Business intelligence drill-down query interface for ad hoc or
saved context based queries, tabbed data views and interactive
filtering
• Dynamic real-time view of all network connections, system
activities and user interactions
• Out-of-the-box or tailored scheduled and ad hoc reports with
automatic storage and distribution for management and technical
stakeholders
• Extensive query and report library containing hundreds of
pre-defined reports arranged by source type, event type and compliance standards
• Full role-based and granular access control model and extensive
audit trail with trusted replay for all activity
Product Features

Feature                                                        Next Gen SIEM

Data Collection and Analysis
  Continuous monitoring                                        ✓
  Real-time collection                                         ✓
  Correlation and alerting                                     ✓
  Behavioural anomaly detection / machine learning engine      ✓
  Network flow monitoring (NetFlow/pcap)                       ✓
  Threat intelligence (internal or third-party)                ✓
  Reference tables of platforms, hosts and users for analysis  ✓
  Unlimited/free agents                                        ✓
  Original log file collection                                 ✓
  File/directory integrity monitoring                          ✓

Reporting and Visibility
  Query/display interface                                      ✓
  Operational dashboards                                       ✓
  OOTB compliance packs                                        ✓
  GRC dashboards                                               ✓
  Ad hoc and scheduled reports                                 ✓
  Web-based “Business Intelligence” interface                  ✓

Workflow and Automation
  Incident manager                                             ✓
  Scripted/defined response (automatic or manual)              ✓
  Alert tracking and workflow support                          ✓

Management
  Role-based and granular access control                       ✓
  Full audit trail                                             ✓
  Asset manager tool                                           ✓
  High availability/clustering                                 ✓
  Multiple on-line data repositories                           ✓
  Automatic data backup, aging and archive                     ✓

Support
  Phone/email                                                  ✓
  Onsite                                                       ✓
About Huntsman Security
Huntsman Security is the trading name of Tier-3 Pty Ltd. The technology’s heritage lies in delivering a key foundation stone of the cyber security risk management, monitoring and response capability in some of the most secure and sensitive environments within the intelligence, defence and criminal justice networks across the world, where Huntsman Security solutions are deployed and accredited to the highest security levels.

Want to find out more? For a more detailed discussion regarding your security operations requirements, please contact the appropriate office listed below.

HUNTSMAN | TIER-3 PTY LTD

ASIA PACIFIC
t: +61 2 9419 3200
Level 2, 11 Help Street
Chatswood NSW 2067

EMEA
t: +44 845 222 2010
7-10 Adam Street, Strand
London WC2N 6AA

NORTH ASIA
t: +81 3 5953 8430
Awajicho Ekimae Building 5F
1-2-7 Kanda Sudacho
Chiyodaku, Tokyo 101-0041

huntsmansecurity.com
twitter.com/Tier3huntsman
linkedin.com/company/tier-3-pty-ltd

© 2019 Tier-3 Pty Ltd, All rights reserved